Breaches in cybersecurity are a serious threat to both government and business. Attacks can damage brand reputation, interrupt business continuity, and affect the bottom line.
Last year we saw a number of damaging cyber intrusions and attacks, from the Australian Census to Adult Friend Finder and the Red Cross. These high-profile cases highlight the need for better security and policy, both at the IT level and in general staff behaviour.
The following tips should help you better protect your brand, business, and workplace from cyber attacks. Regardless of the size and scope of your business, you can never be too careful with your digital assets.
Keeping your small business secure
Small businesses are increasingly at risk where funding and manpower for technology endeavours are limited. Many SMBs use out-of-date security, have unpatched servers and computers, and have no real policy on internet usage, social media access and WiFi.
But small businesses also have advantages over enterprise companies when it comes to adaptability, agility and communication. Spear phishing, where attackers masquerade as executives to obtain crucial information, is less likely to affect businesses with small teams. Leveraging the innate knowledge and experience of your staff is one way to fight back as a small business and protect your assets.
If all else fails, cyber insurance is an option to consider if your business is a victim of cybercrime. Investing in cyber insurance can handle your damage control by covering the costs for stolen data, managing PR if your brand is affected and assisting with the investigation of the security breach.
Industry-specific security: Do you have it?
Threats to business can be industry specific. The Internet of Things provides real opportunities for eCommerce and logistics to gather better data from a variety of touchpoints and also utilise machine learning to automate workflow processes.
However, it also opens up these industries to increased malware intrusion and phishing attacks.
If your business is reliant on IoT, you’ll want to ensure there’s a reliable update policy in place and that device security is a priority over cost and speed of deployment.
Financial Services industries are also at greater risk. With increasing virtualisation of transactions and money moving faster and further, keeping track of legitimate transaction data and sifting out fraud places an incredible strain on the companies.
Blockchain's potential to streamline and validate transactions makes it one possible solution to digital security in financial services. How and when this is implemented, and whether it can offer true protection from cybercrime, remains to be seen.
What is important is that brands maintain a strong relationship between their cybersecurity policy, real world implementation, and staff training and technology investment.
Keep the code covered
When it comes to protecting your personal details, online ticketing is one area where companies are most at risk. It’s not just through digital intrusions either: sharing via social media, unsecured email addresses and storing ticketing information in vulnerable locations are all ways in which staff can put these companies at risk.
- A staff member who shares a picture of their conference ticket online
- A sales trip itinerary stored in an unsecured Dropbox
- Cabcharge information available online through a common login
These are all potential risk situations. Best practice would be to avoid them altogether, but when a business has a critical need to store ticketing information online, make sure you cover the barcode and any important serial numbers. That way, at least it will be harder for hackers to profit off their activities.
Not just the ticket holders at risk
When it comes to ticketing theft, it’s not just the ticket holders at risk. Online sales of stolen ticketing information in places like Gumtree and eBay cost unwitting consumers hundreds, if not thousands, of dollars. In fact, in England alone the National Intelligence Bureau estimates around £5.2 billion was lost through online fraud in 2016.
Beating complacency around the workplace
Complacency is a big issue when it comes to online security. Lifehacker reports:
“Despite knowing the dangers, consumers seem to have a false sense of security and innately trust technology vendors to secure their products, especially with internet-of-things (IoT) devices.”
In fact, a survey by Symantec found that around 76% of Australians engaged in online risk taking despite knowing they need to actively protect their information. Worryingly, 1 in 4 Australians can’t tell the difference between a phishing email and a legitimate message.
Here, education is important. IT teams often forget that many of their colleagues aren’t engaged full time in technical endeavours and don’t have the same innate concern for digital security. Working groups and seminars can help sort through issues of complacency, but it also falls on managers to create awareness of the real world impacts that come from cybercrime intrusions.
Staying secure on social media
As a platform for blending our digital lives with reality, social media represents the perfect storm of conditions for malicious phishing attacks and identity theft. Many social media users keep much of their personal profile public, increasing the risk to your personal information.
But what exactly are the risks?
Well, social media is all about our identity, and that means it can tie into more than just photos of last week’s office party:
- Intrusions on your LinkedIn and other business social accounts can lead to damaged reputations
- Use of public information to hack into other accounts (bank accounts, email, etc.)
- Users posting secure corporate information on their personal accounts
- Phishing attempts through social sites that try to obtain valuable information (Social media phishing scams rose by 150% in 2016)
Mitigating damage caused by social media
To improve social media security and mitigate the risks at your workplace, consider the following steps:
- Design social media policy
  In consultation with relevant stakeholders and divisions, clearly define acceptable social media use and best practice for your staff. You’ll want to include the following:
  - Rules for creating secure passwords
  - Guidelines for avoiding spam, phishing and human error
  - Policy for sharing branded content and brand representation
  - Disaster recovery guidelines
- Train your staff
  While many of your employees will have social media accounts, it’s unlikely they are familiar with security best practice. Education is the best way to protect your business against human error, spam and phishing attacks on social.
- Control access
  Make it policy that only those who have completed social media training can access the business social media accounts. Keep track of access levels and create sign-off funnels where appropriate.
- Assign leadership
  You want someone in charge of your social media strategy, from brand monitoring to staff training and policy implementation. You will want a central point of authority to ensure cohesion across your brand.